Created
May 5, 2012 20:21
-
-
Save bortzmeyer/2605348 to your computer and use it in GitHub Desktop.
Sample Apache's mod_security rules for rate-limiting
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Activates mod_security | |
| SecRuleEngine On | |
| # Only filters requests for /toto | |
| SecRule REQUEST_FILENAME "!^/toto" "phase:1,skip:5,nolog" | |
| # Only filters requests for rosalind | |
| SecRule REQUEST_HEADERS:Host "rosalind\.abgenomica\.com" "phase:1,skip:5,nolog" | |
| # Stores the number of visits in variable IP.pagecount | |
| SecAction "phase:1,nolog,initcol:IP=%{REMOTE_ADDR},setvar:IP.pagecount=+1,expirevar:IP.pagecount=60" | |
| # Denies requests when excessive | |
| # 429 would be a better error status but mod_security rewrites it as 500 :-( | |
| SecRule IP:PAGECOUNT "@gt 3" "phase:1,deny,status:403,msg:'Too many requests'" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This seems to be outdated, current mod security seems to require ids in rules and also it shows this warning: ModSecurity: Invalid value for action ID XY
XY = line with > SecRule IP:PAGECOUNT "@gt 3" "phase:1,deny,status:403,msg:'Too many requests'"